People are increasingly dependent on the Internet and in particular on the World Wide Web. For example, the Web is often used to access emails, conduct business, purchase goods and services, and for online banking, to name just a few things. Many of these activities involve interaction with a Web service via a Web site.
Web services often require proper user authentication to identify a user and establish secure channels with a remote computing device, such as a user's mobile computing device. A Web site associated with this type of Web service is sometimes referred to as a secure site. Although many secure authentication schemes have been proposed, an authenticating textual password is still dominantly used in Web applications due to its convenience, and ease in use and deployment. In password-based user authentication, a user is required to input a textual password to gain access to a service.